Do Not Track support added to Chrome, arriving by the end of the year

The latest nightly builds now include support for the pro-privacy header.

Developers of Google's Chrome browser added support to the browser's source code for the "Do Not Track" Web privacy feature yesterday. The feature will make its way through Google's various alpha/beta browser versions, and should make it into the stable version of the browser by the end of the year.

Do Not Track is a proposed standard that allows users to tell sites they visit that they do not wish for third parties to record their online activity. The feature has been controversial due to Microsoft's Do Not Track implementation in Internet Explorer 10. Redmond forces users to express a Do Not Track preference when first using Windows 8, and the default preference is to enable it. In retaliation, Apache has changed its default configuration file to completely ignore Do Not Track when sent by Internet Explorer.

A new advanced setting: Do Not Track.

Chrome's implementation is much less in-your-face. The setting is tucked away in the advanced section of the browser's settings page. When enabled, it sends the required header. Any third parties who respect the header will duly stop tracking activity—though the full implications of what this means for online advertisers and other third parties remain unclear.

The feature is currently available in Chrome's unstable Canary version; it should soon be integrated into the dev branch, then the beta branch, before making it into the stable version. With dev and beta branches typically taking about six weeks each, this means that the feature will become mainstream shortly before the end of the year.

With this change, Google is fulfilling the commitment it made to the White House in February to support Do Not Track. Of the three main browsers, Google has moved slowest on Do Not Track support. Mozilla Firefox added support in early 2011. Internet Explorer 10 with its Do Not Tack support is available today to corporate users with access to Windows 8, and should become more widely available on October 26th.

I'm leery of Do Not Track (not the specific implementation in this article, just in general). I have a "don't trust" policy when it comes to giving others my personal information, and Do Not Track requires you to trust the advertiser.

I'm not arguing with you, but it'd be useful to explain why you hate it.

I don't like it because there's absolutely no onus on the advertiser's part to agree to this. It won't offer any inconvenience to unscrupulous advertisers, and as we've seen with IE10 if the browser manufacturer is seen to break the good faith contract, the header becomes useless for all users of their browser.

As is, you are not giving out personal information to advertisers. You are allowing them to place a unique identifier cookie on your computer. That's it. As an advanced setting like this, I have no problem with Do Not Track, but it has nothing to do with your "personal information."

I'm not arguing with you, but it'd be useful to explain why you hate it.

I don't like it because there's absolutely no onus on the advertiser's part to agree to this. It won't offer any inconvenience to unscrupulous advertisers,

It's true that cheating is possible - there is no built-in way to verify nice behavior. But that's true of a lot of things, whenever you use your credit card, the shop could in theory do something nasty with it behind the scenes. There are indirect ways to tell whether advertisers or credit-card-using shops are behaving nicely behind the scenes (correlating fraud to where people used their cards for credit cards, correlating which ads are shown for advertisers).

You need to say why you don't like. I like the idea if the idea had teeth. Anytime you leave it upon others to just "do the right thing" they tend to give lip service to it rather then actually abiding by it. Corporations being some of the worst offenders of this since their only ethic is to be profitable. I'd rather government actually passed laws and polices to govern this.

I have no problem with Do Not Track, but it has nothing to do with your "personal information."

Sure, if you don't consider what you do or where you go to be personal."personal information" isn't just limited to your name/gender/address/ssn/what-have-you

Then you'd better stop using the Internet altogether. Your public IP address is logged in some form, usually, to every single server you use when you browse a website. That's about the extent of the information that advertisers have access to. So by your own logic, you'd better just cancel your Internet service and never use it again.

Your public IP address is logged in some form, usually, to every single server you use when you browse a website. That's about the extent of the information that advertisers have access to.

In the case of Google, they have your IP when you visit a site with adwords, which they can connect to your google account that is logged in for gmail, which has the contents of all your emails, and of course also all the google searches you perform.

Even in the case of non-Google advertisers, they have a lot more than your IPs in a few random sites. A few big advertisers run most ads on the web, and they can connect your activity pretty well. For a visualization of how that works, see http://www.mozilla.org/en-US/collusion/demo/

I have no problem with Do Not Track, but it has nothing to do with your "personal information."

Sure, if you don't consider what you do or where you go to be personal."personal information" isn't just limited to your name/gender/address/ssn/what-have-you

Then you'd better stop using the Internet altogether. Your public IP address is logged in some form, usually, to every single server you use when you browse a website. That's about the extent of the information that advertisers have access to. So by your own logic, you'd better just cancel your Internet service and never use it again.

Yes, instead of trying to improve things, let's just give up and be idiotic about it.

Your public IP address is logged in some form, usually, to every single server you use when you browse a website. That's about the extent of the information that advertisers have access to.

In the case of Google, they have your IP when you visit a site with adwords, which they can connect to your google account that is logged in for gmail, which has the contents of all your emails, and of course also all the google searches you perform.

Even in the case of non-Google advertisers, they have a lot more than your IPs in a few random sites. A few big advertisers run most ads on the web, and they can connect your activity pretty well. For a visualization of how that works, see http://www.mozilla.org/en-US/collusion/demo/

Your logic is flawed here:

Quote:

they have your IP when you visit a site with adwords, which they can connect to your google account that is logged in for gmail

You're assuming that the users is ALWAYS actively logged into Gmail. If that were the case, what you are saying would be true. But it's not. You could argue that the average person never erases their cookies and stays logged into all the Google services that they use, without ever logging out, but even then, the remedy is simple: Raise awareness that you should always log out of anything after you use it. In fact, I think that most people are aware of this rule of thumb already, but just might not know that they should exercise it on their home PCs as well, not just in public places.

Even if the masses are ignorant to the idea of logging out of your account whenever you don't need to be logged in anymore, that's just ignorance on their part, not the fault of Google nor advertisers. They're making use of all of the information available at their fingertips. That's not wrong. The user has the ability to control this information access to a large degree, and if they don't know how, well, they can do, ironically, a Google search to find out how.

I have no problem with Do Not Track, but it has nothing to do with your "personal information."

Sure, if you don't consider what you do or where you go to be personal."personal information" isn't just limited to your name/gender/address/ssn/what-have-you

Then you'd better stop using the Internet altogether. Your public IP address is logged in some form, usually, to every single server you use when you browse a website. That's about the extent of the information that advertisers have access to. So by your own logic, you'd better just cancel your Internet service and never use it again.

Yes, instead of trying to improve things, let's just give up and be idiotic about it.

i find the whole debate rather theoretical - the truth is that the world is full of advertisement space - and i honestly which i could opt out as easy as i can when stat using my browser (using ad-block). Want i want is an ad-block walking down my street - where ads are everywhere and they do look real bad - spoiling the landscape, buildings, squares ... There is but a zillion ways to get rid of cookies, ads, ect, not sure why this is still something folks get all fuzzy ... don't like cookies - well don't accept them! Dot like ads - well block them ...

Yes, instead of trying to improve things, let's just give up and be idiotic about it.

That's what the post I responded to implied. Not me.

No that seems to be exactly your position: Since there are always some ways for rogue advertisement firms to get lots of information, let's just give up any way to improve the current situation.

That's just like saying that since credit cards can't be made 100% secure (especially not in the face of rogue companies you give your information), we should just give up on improving security completely.

...as we've seen with IE10 if the browser manufacturer is seen to break the good faith contract...

Please explain.

The incorrect premise is that because in IE10 the default for DNT is set to not track, and a number of people seem incapable of reading the installation/setup screens that note such, they think that MS has set it without notifying the user.Subsequently, Apache (of which MS is an Platnum ASF sponsor) has a pending change to the Apache webserver that says "If you are using IE10, ignore the DNT". Which in turn has Apache breaking the good faith contract on behalf of people who are unable to read and simply come to conclusions.

Yes, instead of trying to improve things, let's just give up and be idiotic about it.

That's what the post I responded to implied. Not me.

No that seems to be exactly your position: Since there are always some ways for rogue advertisement firms to get lots of information, let's just give up any way to improve the current situation.

That's just like saying that since credit cards can't be made 100% secure (especially not in the face of rogue companies you give your information), we should just give up on improving security completely.

I never said we should give up trying to improve anything. Quote me please if you found somewhere where I said that. I sarcastically replied to a post, apparently it went over your head. Let's just move on then.

I installed that "Collusion" add-on even though I didn't really want to bother, and now I can see that it just shows what we already know, just in a fancy presentation: Advertisers have javascript that runs on sites like, for example, IMDB, that allows them to collect information such as your IP address and what site you visited. IMDB is basically just passing on whatever *very very very very* small amount of information that they have based on your own choosing to visit their site, to advertisers. But it's not *that* useful. The most they know is that some guy browsing from <insert IP here> browsed a movie site. So if you encounter their ads somewhere else or on the same site, they might have some code to show you ads about movies, as opposed to being randomly selected from a pool of other ads.

What's the big deal about this in terms of them having your "personal information?" I don't see a threat here.

I installed that "Collusion" add-on even though I didn't really want to bother, and now I can see that it just shows what we already know, just in a fancy presentation

Sadly your explanation of the problem, doesn't match the actual proble (also you don't have to actually install the add-on in the first place to get a demonstration - which you would've known if you had actually read the page.. a nice demonstration of another well known principle that nobody ever reads disclaimers anyhow; works the same for privacy issues). It's not about an advertiser finding out that a person likes to watch what kind of movies, it's about the much more interesting fact that you can easily create complete profiles and link information from thousands of websites together to single individuals - especially if you happen to be google where almost everybody has an account - and contrary to your beliefs is actually logged in (not that that would actually matter - another misunderstanding on your part; tracking cookies don't disappear just because you log out)

And yes that obviously creates privacy problems - just see the study that shows how easily you can map birthdate, gender and 5 digits ZIP code to a single individual in the US and how well that works.

You're assuming that the users is ALWAYS actively logged into Gmail. If that were the case, what you are saying would be true. But it's not. You could argue that the average person never erases their cookies and stays logged into all the Google services that they use, without ever logging out, but even then, the remedy is simple: Raise awareness that you should always log out of anything after you use it. In fact, I think that most people are aware of this rule of thumb already, but just might not know that they should exercise it on their home PCs as well, not just in public places.

Even if the masses are ignorant to the idea of logging out of your account whenever you don't need to be logged in anymore, that's just ignorance on their part, not the fault of Google nor advertisers. They're making use of all of the information available at their fingertips. That's not wrong. The user has the ability to control this information access to a large degree, and if they don't know how, well, they can do, ironically, a Google search to find out how.

You are incorrect in your assumptions. Google (and other ad networks) have tracking cookies installed at at times. Whether you are logged in or not, they are still tracking you. Google only needs to know once that the person with those tracking cookies is the same person with a specific G-account and they have the tie.

The issue here is that most people who aren't in the industry have no idea how much information Google and the rest have about them via tracking their habits online. Google knows when you are sick and what you have via your web searches. They probably know where you live, what you do for work, how old you are, who you communicate with, etc.

If the news covered in detail what information Ad-Networks have on their users, people would be up in arms, but most news provides also run websites that monetarily benefit from collecting this level of detail about their users.

I installed that "Collusion" add-on even though I didn't really want to bother, and now I can see that it just shows what we already know, just in a fancy presentation

Sadly your explanation of the problem, doesn't match the actual proble (also you don't have to actually install the add-on in the first place to get a demonstration - which you would've known if you had actually read the page.. a nice demonstration of another well known principle that nobody ever reads disclaimers anyhow; works the same for privacy issues). It's not about an advertiser finding out that a person likes to watch what kind of movies, it's about the much more interesting fact that you can easily create complete profiles and link information from thousands of websites together to single individuals - especially if you happen to be google where almost everybody has an account - and contrary to your beliefs is actually logged in.

And yes that obviously creates privacy problems - just see the study that shows how easily you can map birthdate, gender and 5 digits ZIP code to a single individual in the US and how well that works.

You're right, I didn't notice that I didn't need to install the add-on. However, this isn't an important point and doesn't really add anything to the conversation. I installed the add-on and gained the knowledge of what it was, and hence, the same information that the demonstration would have provided me with. Let's move on.

Quote:

It's not about an advertiser finding out that a person likes to watch what kind of movies, it's about the much more interesting fact that you can easily create complete profiles and link information from thousands of websites together to single individuals - especially if you happen to be google where almost everybody has an account - and contrary to your beliefs is actually logged in.

You *could* come up with a complex profile given even the small amount of information obtained by advertisers per site, over a large period of time, in a big database somewhere, about someone browsing from a single IP, and *IF* they are logged into their Google account, who they are and other things. However, this is not realistically what advertisers would try to do. It's not feasible from a resource standpoint even if they had a monumental amount of funding directly targeted towards the technological resources that they would need to maintain such a MASSIVE database and the hardware that it runs on. It's just not likely to happen.

And I'll go back to my point: If you're aware of it and how it happens, then stop using things that allow it to happen. Sure, it's fine to ask for improvements to be made to accommodate everyone better in terms of security, that's certainly a "nice to have", but they don't have any obligation to fulfill this. Nor should they.

I don't like the idea any more than you do. But I have to accept their right to do it based on reason.

You're assuming that the users is ALWAYS actively logged into Gmail. If that were the case, what you are saying would be true. But it's not. You could argue that the average person never erases their cookies and stays logged into all the Google services that they use, without ever logging out, but even then, the remedy is simple: Raise awareness that you should always log out of anything after you use it. In fact, I think that most people are aware of this rule of thumb already, but just might not know that they should exercise it on their home PCs as well, not just in public places.

Even if the masses are ignorant to the idea of logging out of your account whenever you don't need to be logged in anymore, that's just ignorance on their part, not the fault of Google nor advertisers. They're making use of all of the information available at their fingertips. That's not wrong. The user has the ability to control this information access to a large degree, and if they don't know how, well, they can do, ironically, a Google search to find out how.

You are incorrect in your assumptions. Google (and other ad networks) have tracking cookies installed at at times. Whether you are logged in or not, they are still tracking you. Google only needs to know once that the person with those tracking cookies is the same person with a specific G-account and they have the tie.

The issue here is that most people who aren't in the industry have no idea how much information Google and the rest have about them via tracking their habits online. Google knows when you are sick and what you have via your web searches. They probably know where you live, what you do for work, how old you are, who you communicate with, etc.

If the news covered in detail what information Ad-Networks have on their users, people would be up in arms, but most news provides also run websites that monetarily benefit from collecting this level of detail about their users.

They might have the ability if they wanted to to access and correlate this information, no argument there. But *realistically*, I highly doubt they are dedicating resources to building a Skynet-esque database of every person on the planet. Such a feat would have very low benefit and very high cost, not to mention be highly illegal if discovered depending on a number of factors, of course.

I think you're theorizing too much rather than looking at it realistically. Theorizing is all well and good, and can be fun, but we need to try to stay grounded in reality. You have no evidence that they have this information or are tracking it, and I do agree that they *could*, barring the amount of time, effort, money, secrecy, and resources it would require, but that doesn't mean that they actually *do* it.

You're sounding a little too much like someone with a little tin-foil hat.

Also just saying: IP address rotate, cookies expire, and multiple people use the same computer in some house holds. If you take a laptop around or a smart phone, if you change WiFi networks, you're not even using the same IP address anymore, so their correlation to who you are is now fragmented. They may track multiple networks from which you have signed into your Google account, but it's not really as simple in a realistic setting as you make it sound. How do they know your home network IP hasn't changed and you aren't at Starbucks right now or somewhere else? Consider these things.

You *could* come up with a complex profile given even the small amount of information obtained by advertisers per site, over a large period of time, in a big database somewhere, about someone browsing from a single IP, and *IF* they are logged into their Google account, who they are and other things. However, this is not realistically what advertisers would try to do. It's not feasible from a resource standpoint even if they had a monumental amount of funding directly targeted towards the technological resources that they would need to maintain such a MASSIVE database and the hardware that it runs on. It's just not likely to happen.

Advertisers are already doing exactly that (behavioral tracking based on what kind of webpages people visit - quite elaborate actually). Your claim that this is not happening based on "technological resources" is quite fun, considering that we're talking amongst other things about google - you know the one company with some of the largest data centers world wide, that makes almost all of its money by correlating information about its users to what ads it should show them.

No, you severely overestimate the difficulty in setting up the necessary hardware and software and even more severely underestimate the amount of money involved in the advertisement business. Yes it's not a trivial problem, but if you can make billions every year (obvious example google), companies are quite likely to invest money into the whole business.

On another note: Tracking cookies don't disappear just because you log out, the only thing google needs to know that the PC with the tracking cookies installed logged once into account Y and they can link your data already. So "just log out every time before you do anything else (and god help you if you actually use more than one tab)" isn't going to help you much either.

And even if I can actually avoid all this problems (considering how many different kinds of tracking cookies exist [and how hard they are to get rid of, old example flash, newer one: html5 storage,..], the fact that there are studies that show how easily you can identify people based on the information sent by the browser alone, etc. I can pretty much guarantee that I can't) that's not going to help 99.9% of the population.

As always Google's sly tactics. They had to pay a fine for illegally tracking Safari users and now they are forced to go with the flow - in the 40th iteration of their browser. Paragons of privacy indeed.

Yes, I only have a useless comment. I'm not completely against tracking, but I also run with a lot of privacy add-ons in Firefox, while none at all in Chrome. But then none of the advertisers have outed my interest in tiny unicorn figurines, crocheted goat erotica, or tree-hugging hippie chicks versus uptight right-wing survivalist mothers mud-wrestling to my employer, parents, life coach, PTA, Satanic pastor, and so forth.

You *could* come up with a complex profile given even the small amount of information obtained by advertisers per site, over a large period of time, in a big database somewhere, about someone browsing from a single IP, and *IF* they are logged into their Google account, who they are and other things. However, this is not realistically what advertisers would try to do. It's not feasible from a resource standpoint even if they had a monumental amount of funding directly targeted towards the technological resources that they would need to maintain such a MASSIVE database and the hardware that it runs on. It's just not likely to happen.

Advertisers are already doing exactly that (behavioral tracking based on what kind of webpages people visit - quite elaborate actually). Your claim that this is not happening based on "technological resources" is quite fun, considering that we're talking amongst other things about google - you know the one company with some of the largest data centers world wide, that makes almost all of its money by correlating information about its users to what ads it should show them.

No, you severely overestimate the difficulty in setting up the necessary hardware and software and even more severely underestimate the amount of money involved in the advertisement business. Yes it's not a trivial problem, but if you can make billions every year (obvious example google), companies are quite likely to invest money into the whole business.

On another note: Tracking cookies don't disappear just because you log out, the only thing google needs to know that the PC with the tracking cookies installed logged once into account Y and they can link your data already. So "just log out every time before you do anything else (and god help you if you actually use more than one tab)" isn't going to help you much either.

And even if I can actually avoid all this problems (considering how many different kinds of tracking cookies exist [and how hard they are to get rid of, old example flash, newer one: html5 storage,..], the fact that there are studies that show how easily you can identify people based on the information sent by the browser alone, etc. I can pretty much guarantee that I can't) that's not going to help 99.9% of the population.

You're confusing something very specific that I said and being vague about your response (or maybe I didn't explain it properly). I meant non-voluntary, anonymous users being tracked in massive databases over a long period of time, where every possible bit of information about their lives is being tracked as and if it can be acquired. Information like your personal address, medical history, SSN, and STORING this information PERMANENTLY.

I'm not talking about temporary rolling databases that work short-term for targeted advertising. Those exist, and the hardware and software required to run them is trivial, because they only store what is needed to do the bare minimum of targeted advertising.

Now, Google on the other hand, with services like Gmail, and such, is drastically different if you are a voluntary user of their services. You're giving them this information knowingly (technically speaking with mediums like e-mail and such, but not filled into special fields or anything like that), so they'll store whatever they can because you gave it to them (things like e-mails, etc, are obviously stored so that you can access them again later).

What I do not think is happening barring evidence that it is, is that advertisers have database tables set up with fields that contain information about you such as your home address, last date you went to the dentist, favourite colour, your sister's name, etc.

I don't care if they skim some cream from the top, so to speak, it's not a big deal. I care if they steal my glass.

Here's what I mean:

Google having an e-mail on their server that I sent where I say to someone else "My favourite colour is blue" is often used in dialog as "Google knows my favourite colour, they have this information", because they "have" the e-mail. This is just a stupid way of generalizing them "having" certain information, based on the technicality of words.

If they extrapolate my favourite colour from my e-mail and store it in a special field of a table that contains other information all about me, then it becomes quite different. Prove to me that things like this are being done, and I will agree with you completely.

I'm not arguing with you, but it'd be useful to explain why you hate it.

I don't like it because there's absolutely no onus on the advertiser's part to agree to this. It won't offer any inconvenience to unscrupulous advertisers, and as we've seen with IE10 if the browser manufacturer is seen to break the good faith contract, the header becomes useless for all users of their browser.

I like how this is the browser vendor's fault for "breaking the contract" instead of being "private by default."

You *could* come up with a complex profile given even the small amount of information obtained by advertisers per site, over a large period of time, in a big database somewhere, about someone browsing from a single IP, and *IF* they are logged into their Google account, who they are and other things. However, this is not realistically what advertisers would try to do. It's not feasible from a resource standpoint even if they had a monumental amount of funding directly targeted towards the technological resources that they would need to maintain such a MASSIVE database and the hardware that it runs on. It's just not likely to happen.

Advertisers are already doing exactly that (behavioral tracking based on what kind of webpages people visit - quite elaborate actually). Your claim that this is not happening based on "technological resources" is quite fun, considering that we're talking amongst other things about google - you know the one company with some of the largest data centers world wide, that makes almost all of its money by correlating information about its users to what ads it should show them.

No, you severely overestimate the difficulty in setting up the necessary hardware and software and even more severely underestimate the amount of money involved in the advertisement business. Yes it's not a trivial problem, but if you can make billions every year (obvious example google), companies are quite likely to invest money into the whole business.

On another note: Tracking cookies don't disappear just because you log out, the only thing google needs to know that the PC with the tracking cookies installed logged once into account Y and they can link your data already. So "just log out every time before you do anything else (and god help you if you actually use more than one tab)" isn't going to help you much either.

And even if I can actually avoid all this problems (considering how many different kinds of tracking cookies exist [and how hard they are to get rid of, old example flash, newer one: html5 storage,..], the fact that there are studies that show how easily you can identify people based on the information sent by the browser alone, etc. I can pretty much guarantee that I can't) that's not going to help 99.9% of the population.

You're confusing something very specific that I said and being vague about your response (or maybe I didn't explain it properly). I meant non-voluntary, anonymous users being tracked in massive databases over a long period of time, where every possible bit of information about their lives is being tracked as and if it can be acquired. Information like your personal address, medical history, SSN, and STORING this information PERMANENTLY.

I'm not talking about temporary rolling databases that work short-term for targeted advertising. Those exist, and the hardware and software required to run them is trivial, because they only store what is needed to do the bare minimum of targeted advertising.

Now, Google on the other hand, with services like Gmail, and such, is drastically different if you are a voluntary user of their services. You're giving them this information knowingly, so they'll store whatever they can because you gave it to them (things like e-mails, etc, are obviously stored so that you can access them again later).

What I do not think is happening barring evidence that it is, is that advertisers have database tables set up with fields that contain information about you such as your home address, last date you went to the dentist, favourite colour, your sister's name, etc.

I don't care if they skim some cream from the top, so to speak, it's not a big deal. I care if they steal my glass.

Here's what I mean:

Google having an e-mail on their server that I sent where I say to someone else "My favourite colour is blue" is often used in dialog as "Google knows my favourite colour, they have this information", because they "have" the e-mail. This is just a stupid way of generalizing them "having" certain information, based on the technicality of words.

If they extrapolate my favourite colour from my e-mail and store it in a special field of a table that contains other information all about me, then it becomes quite different. Prove to me that things like this are being done, and I will agree with you completely.

I would assume that such things are being done, but I have no proof. Because I don't I don't worry about it that much. Mostly because even if they are doing it, the lack of proof suggests they aren't doing anything with it.

Another thing to keep in mind, is that since they have the data in the email, should they decide to start tracking such info, it will be trivially easy for them to do so. So just because they may not be doing it now, doesn't mean they can't easily start in the future.

Google having an e-mail on their server that I sent where I say to someone else "My favourite colour is blue" is often used in dialog as "Google knows my favourite colour, they have this information", because they "have" the e-mail. This is just a stupid way of generalizing them "having" certain information, based on the technicality of words.

If they extrapolate my favourite colour from my e-mail and store it in a special field of a table that contains other information all about me, then it becomes quite different. Prove to me that things like this are being done, and I will agree with you completely.

You probably shouldn't be thinking of it in terms of "here's a fixed DB schema with all the information we may have about you", because that's not how large information storage works - or could ever work.

What if they don't have a specific entry that says "Brass2TheMax favorite color is blue" but instead can write a query that goes through your unstructured text and returns something like "with 89.3% guarantee Brass2TheMax favorite color is blue"? The second is much more likely (standard relational DBs just don't scale to the sizes we need for this problem)

Now I doubt they're going to have your SSN information, but what they can "easily" do is find your address, name, birthdate and interests. And if you ever informed yourself about some illness, they will have that information too - "oh you've spent several hours looking up information about diabetes, and bought insulin? interesting", so they can certainly extrapolate medical information from browsing habits to some degree.A non internet example that comes to mind would be that walmart can decide based on buying decisions of their customers when someone gets pregnant (and I'm not talking about buying books about parenting).

I find it funny how people get so worked up about DNT. If every server obeyed the current DNT specification then it's essentially the same as not allowing third-party cookies. With the difference that the server knows that I'm not allowing third-party cookies. Why does everyone get their panties in a twist?

My issue is with IE enabling it by default. The standard hasn't been solidified, thus the implications are unknown. Why don't they focus on implementing WebGL first...

I would assume that such things are being done, but I have no proof. Because I don't I don't worry about it that much. Mostly because even if they are doing it, the lack of proof suggests they aren't doing anything with it.

Another thing to keep in mind, is that since they have the data in the email, should they decide to start tracking such info, it will be trivially easy for them to do so. So just because they may not be doing it now, doesn't mean they can't easily start in the future.

So we basically agree then. I agree that these things *could* be done (as in, the capability is certainly there), but I don't have any evidence that it's actually being done right now, hence any reason (at this time) to believe that these things are being done. If evidence comes around for this sort of behaviour, then you and I would both have cause to worry.

Voo42 wrote:

You probably shouldn't be thinking of it in terms of "here's a fixed DB schema with all the information we may have about you", because that's not how large information storage works - or could ever work.

What if they don't have a specific entry that says "Brass2TheMax favorite color is blue" but instead can write a query that goes through your unstructured text and returns something like "with 89.3% guarantee Brass2TheMax favorite color is blue"? The second is much more likely (standard relational DBs just don't scale to the sizes we need for this problem)

Now I doubt they're going to have your SSN information, but what they can "easily" do is find your address, name, birthdate and interests. And if you ever informed yourself about some illness, they will have that information too - "oh you've spent several hours looking up information about diabetes, and bought insulin? interesting", so they can certainly extrapolate medical information from browsing habits to some degree.A non internet example that comes to mind would be that walmart can decide based on buying decisions of their customers when someone gets pregnant (and I'm not talking about buying books about parenting).

You make some excellent points. You're right, I shouldn't think in terms of a set database schema, but more in terms of queries and algorithms to predict this sort of information to a degree of accuracy based on the information at hand. Just keep in mind though that just because you might be searching about diabetes doesn't mean that the probability that "you" have diabetes is higher is correct. You might be searching for it because a family member has it and you want to know more about it. Advertisers can't know this of course, and I would almost argue that such tracking of this information is a huge gamble for them in that they could be very right or very wrong about the users of whose information they are tracking. So there are no guarantees that they really will find out as much about you as you think, necessarily. People search for things that don't directly affect nor apply to them all the time. sometimes they search for things about other people, or things that they just feel curious about in the moment and don't care about at all later. We've all been there and done that. I would almost argue that such human behaviour would even muddy the waters on what advertisers think that they know about you, but really don't.

Remember, for all the accurate information they would get about you, they would be getting one hell of a lot of wrong assumptions about you as well. Kind of reminds me of a method of erasing personal information from a hard disk, where you write over the pertinent data so many times with garbage that it becomes unreliably retrievable.